1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IPv6 with dynamic /64 prefix

Discussion in 'Tomato Firmware' started by Anserk, Dec 13, 2013.

  1. Anserk

    Anserk Addicted to LI Member

    I have been running IPv6 on Tomato for a few months now, and there is one issue I can't find a proper solution for. I would appreciate if someone has something to say about this.

    I'm using CenturyLink 6rd tunnel using a custom .wanup script (taken from http://tomatousb.org/forum/t-473266 and modified as needed).
    Code:
    # IPv6 6rd configuration
    WANIP=$(nvram get wan_ipaddr)
    if [ -n "$WANIP" ]; then
      ip tunnel del tun6rd
      V6PREFIX=$(printf '2602:%02x:%02x%02x:%02x00' $(echo $WANIP | tr . ' '))
      ip tunnel add tun6rd mode sit local $WANIP ttl 64
      ip addr add ${V6PREFIX}::1/24 dev tun6rd
      ip addr add ${V6PREFIX}::1/64 dev br0
      ip link set tun6rd mtu 1472
      ip link set tun6rd up
      ip -6 route add ::/0 via ::205.171.2.64 dev tun6rd
    fi
    In Tomato GUI I use manual configuration (I think the 6rd option might do the same thing as above, but it doesn't like /24 prefix which is what I have to use for CenturyLink).

    I've used it with Toastman 1.28.7501, recently switched to Shibby 115 which now doesn't use radvd but dnsmasq instead. IPv6 works perfectly on both, however, the issue I'm having also affects both mods (not really a firmware issue as far as I can see). Obviously, my IPv4 is dynamic, and the script above uses it to assign IPv6 /64 prefix. So when the IP changes, I get a new /64 prefix. Windows 7 clients still have the old IPv6 addresses in addition to the new but Windows uses the old ones. So at this point my IPv6 connectivity for clients is broken because outbound packets never get back (remember, no NAT with IPv6). Doing ipconfig /release6 and then /renew6 does nothing because Windows 7 doesn't use DHCPv6 addresses for it's Internet traffic. If I reboot the machine or disable/re-enable adapter, it gets old addresses out of the way, and IPv6 is back functioning. In either case this is a manual intervention.

    I would expect there should be a way to instruct either radvd or dnsmasq to send out RA telling to expire addresses with no longer valid /64 prefix. Not sure if this is part of the protocol though.

    I see a lot of people on this forum using IPv6. How do you guys circumvent the issue of dynamic WAN IPv6 prefix? I know it's not an issue with static HE tunnels (because they are static) but I get much lower latency with my ISP 6rd, so I'd prefer to use that.
     
  2. Anserk

    Anserk Addicted to LI Member

    After some digging looks like radvd might be able to deprecate prefixes, after all.
    http://manpages.ubuntu.com/manpages/raring/man5/radvd.conf.5.html
    Unfortunately, I can't try it since shibby's mod doesn't contain radvd any longer (unless I downgrade). Not sure if dnsmasq can do something similar. I probably should post the question on dnsmasq forum.
     
  3. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Dnsmasq will handle depracated ipv6 networks configured on an interface just fine when using the constructor option. Have a look at the man page. The issue I suspect is down to how addressed are being added & removed from br0, probably with a restart of dnsmasq which is less then helpful.
     
    koitsu likes this.
  4. Anserk

    Anserk Addicted to LI Member

    Thanks for taking taking and replying Kevin, I really appreciate it. I did look at dnsmaq man pages extensively. I can see this portion relates to my question:
    What it doesn't explain is what needs to happen for the address to be deprecated (highlighted by me). I tried manually removing address from br0 (the same interface that is used with constructor option) using ip addr del <address> dev br0. Right after that command I see "router advertisement on 2602:61:7474:3b00::, old prefix for tun6rd" in the logs, however, life timers on Windows clients don't change.

    On Linux there is a way to set the preferred_lft to 0 using ip addr change command, but it's not available on Tomato. Then again, I don't know if it would be picked up by dnsmasq and sent out via RAs.

    The only thing that did force Windows clients to mark the IPs as deprecated was to set "deprecated" keyword in dnsmasq's dhcp-range lease. I guess I could obtain old prefix and insert it into the dnsmasq.conf or .custom file alongside with the valid prefix. But that would mean dnsmasq would keep sending out the old prefix in RAs forever, just with life timer set to 0.

    I'm curious how it works for other people, surely not everyone has a static prefix.
     
  5. Anserk

    Anserk Addicted to LI Member

    OK, I think I might know what the problem is. On dnsmasq's official page in the Changelog section there is this:
    That fix is present in 2.68. I'm running 2.67. I guess I will have to upgrade to one of the latest Toastman versions to see if the problem is fixed.

    Is there any way to compile dnsmasq 2.68 for Tomato separately? I'm trying to avoid reflashing the router at this point.
     
    Last edited: Dec 17, 2013
  6. koitsu

    koitsu Network Guru Member

    I only follow the RT-N release (not RT), but this is from the READ THIS CHANGELOG FIRST.txt file:

    Code:
    December 13 2013 - 1.28.0503.5 and variants
    
    - dnsmasq updated to 2.68 release
    - fixed tools ping/trace for hostnames with . - :
    
    Thanks to Kevin Darbyshire-Bryant & Simon Kelley
    
     

Share This Page